Cloud Monitoring and Compliance

Continuous security and compliance for multi-cloud deployments

RedLock Cloud Threat Defense

Cloud security and compliance challenges hinder organizations’ ability to securely and confidently adopt public cloud. The dynamic nature of cloud, coupled with the complexity of multiple cloud service providers, multiple development teams, massive volumes of data, and daily – if not hourly – changes can quickly overwhelm security teams with lack of visibility, context and control.

RedLock redefines security for the multi-cloud era.

Cloud Visibility in Context

Security and compliance teams require complete visibility and context of an organization’s multi-cloud deployments to fully understand risk and compliance. RedLock® public cloud security and compliance service uses machine learning to understand the role and behavior of each cloud resource, and enriches visibility by correlating data from external sources – such as vulnerability scanners, threat intelligence tools and SIEMs – to deliver unmatched insight.

Detect Configuration Drifts & Compliance Violations

While the cloud enables agility by allowing users to create, modify and destroy resources on-demand, this often occurs without any security oversight. RedLock enables you to continuously monitor cloud resources for configuration drift. With hundreds of built-in policies to measure industry-standard best practices, including CIS, NIST and PCI, and the ability to craft custom policies, RedLock captures and records security violations so you have a historical record of your compliance posture.

Detect Suspicious User Activity

Because it’s common for multiple users to have privileged access in the cloud, it is imperative to monitor your entire multi-cloud environment for anomalous user activities. Unfortunately, the distributed nature of the cloud, with multiple accounts and regions, makes this difficult. RedLock consumes cloud-native API-layer metadata to establish behavior baselines, flagging deviations that signal account compromises and insider threats.

Detect Host Vulnerabilities

As is the case in on-premises environments, unpatched hosts in the cloud are vulnerable to attack. In the cloud, environments are constantly changing, and IP addresses are elastic, which makes stand-alone vulnerability management tools unreliable and ineffective. RedLock integrates with external and cloud-native vulnerability services to continuously scan your environment for unpatched hosts, especially those exposed to the internet.

Detect Network Intrusions

The absence of a physical network boundary to the internet increases the attack surface in the cloud by orders of magnitude. Monitoring network traffic is necessary for detecting suspicious activity. Traditional tools create security blind spots. RedLock ingests cloud-native API-layer metadata to help investigate and respond to threats in your multi-cloud environment.

Automate Incident Response

While point security products may be able to address each discrete challenge, they lack context and create alert fatigue. RedLock automatically computes risk scores for every cloud resource based on the severity of business risks, violations and anomalies, making it simple to prioritize the most important issues. From there you can have RedLock automatically remediate misconfigured policies, orchestrate security best practices, or send alerts via email or to third-party tools, such as Slack, and Splunk.


Key Use Cases

Accelerate Detection and Remediation

Prioritize vulnerabilities, detect threats, investigate current or past incidents, and auto-remediate issues across your entire cloud computing environment.

Learn more

Build Policy Guardrails

Enable DevSecOps by establishing policy guardrails to rapidly detect and remediate risks across resource configurations, network architecture, and user activities.

Learn more

Meet Data & Regulatory Mandates

Monitor, auto-remediate, and report on compliance using out-of-the-box policies for standards such as CIS, PCI, and HIPAA.

Learn more

Integral part of our comprehensive multi-cloud security platform

RedLock is a critical element of the Palo Alto Networks Security Operating Platform, enabling you to benefit from the industry’s most complete offering for public cloud security. Our other cloud products allow you to:


Protect and segment cloud workloads.

Public cloud services such as Amazon® Web Services (AWS®), Google Cloud Platform (GCP), and Microsoft® Azure can provide greater agility, scalability and infrastructure consistency than traditional data centers, but the risk of data loss and business disruption remains. With VM-Series virtual next-generation firewalls, you can prevent advanced threats, radically improve visibility into your applications, segment your workloads, and scale automatically based on demand. So you can accelerate your move to the public cloud, safely.

Learn more

Adopt advanced host-based protection

Cloud applications are constantly consuming multiple software components and services from various sources – including open-source communities. As new vulnerabilities are exposed, it is challenging to patch your apps instantly and ensure that you are protected from advanced threats. Traps™ advanced endpoint protection provides advanced host-based security to guarantee that the integrity of your operating system and application is not compromised.

Learn more

Protect data in cloud-native storage services

With public cloud storage security, you can discover and classify data within blobs and buckets; evaluate your exposure based on policy; auto-remediate publicly exposed data; and quarantine malware – so you can be assured your use of public cloud storage does not expose your company to new security vulnerabilities.

Learn More